open-consul

History

R.B. Boyer 2dba16be52 peering: replicate all SpiffeID values necessary for the importing side to do SAN validation (#13612 ) When traversing an exported peered service, the discovery chain evaluation at the other side may re-route the request to a variety of endpoints. Furthermore we intend to terminate mTLS at the mesh gateway for arriving peered traffic that is http-like (L7), so the caller needs to know the mesh gateway's SpiffeID in that case as well. The following new SpiffeID values will be shipped back in the peerstream replication: - tcp: all possible SpiffeIDs resulting from the service-resolver component of the exported discovery chain - http-like: the SpiffeID of the mesh gateway	2022-06-27 14:37:18 -05:00
..
maps.go	peering: replicate all SpiffeID values necessary for the importing side to do SAN validation (#13612 )	2022-06-27 14:37:18 -05:00
maps_test.go	peering: replicate all SpiffeID values necessary for the importing side to do SAN validation (#13612 )	2022-06-27 14:37:18 -05:00

peering: replicate all SpiffeID values necessary for the importing side to do SAN validation (#13612 )

When traversing an exported peered service, the discovery chain
evaluation at the other side may re-route the request to a variety of
endpoints. Furthermore we intend to terminate mTLS at the mesh gateway
for arriving peered traffic that is http-like (L7), so the caller needs
to know the mesh gateway's SpiffeID in that case as well.

The following new SpiffeID values will be shipped back in the peerstream
replication:

- tcp: all possible SpiffeIDs resulting from the service-resolver
        component of the exported discovery chain

- http-like: the SpiffeID of the mesh gateway

2022-06-27 14:37:18 -05:00

maps.go

peering: replicate all SpiffeID values necessary for the importing side to do SAN validation (#13612 )

2022-06-27 14:37:18 -05:00

maps_test.go

peering: replicate all SpiffeID values necessary for the importing side to do SAN validation (#13612 )

2022-06-27 14:37:18 -05:00